Possesses in-depth knowledge of network endpoint, threat intelligence, forensics and malware reverse engineering, as well as the functioning of specific applications or underlying IT infrastructure: acts as an incident “hunter.” Does not wait for escalated incidents; is closely involved in developing, tuning and implementing threat detection analytics.

Forensic Investigations (Host and Network):

Conducts and/or supervises computer forensic examinations to include the collection, preservation, processing, and analysis of digital evidence. Substantiates or disproves investigative allegations through adherence to the highest level of industry standards associated with the forensic examination of digital media.

Malicious/Anomalous Activity Discovery:

The successful candidate will be responsible for hunting for malicious or anomalous activity across the enterprise, using existing tools. Acts in coordination with current SOC staff to lead the development and implementation of an advanced analysis and search capability focused on identifying potentially sophisticated APT and Insider Threat activities within the organization. Maintains the ability to rapidly perform a variety of technical tasks including network traffic analysis, system forensics, malware analysis, and signature generation before moving on to the next area of focus within the enterprise. Provides tailored remediation and counter-measure recommendations to network defenders.

Cyber Incident Response:

Responsible for leading rapidly evolving incident response engagements as a key technical expert and member of the Computer Security Incident Response Team (CSIRT), assisting and responding to incidents in coordination with the security operations center. Acts as subject matter expert on forensic artifacts (network and host-based) as they pertain to system compromises and malware infections. Provides written summaries and analysis of incidents for management review.

Cyber Threat Intelligence Analysis / Staff Awareness:

Works to identify potential and actual cyber threats to systems and networks.

Required experience:

Highly motivated, interested in the fields of cyber defense and cyber research

Inquisitive, and able to research new, highly technical subjects

Strong experience with Splunk or similar tools

Prior incident response experience

Experience with forensic tools including EnCase, FTK, NetWitness, Wireshark, or similar

Familiar with sound forensic principles, techniques, and processes

Malware analysis skills, with a general understanding of reverse engineering techniques

Advanced understanding of Windows internals and Windows networks

Understanding of enterprise networks, security infrastructure, and common network protocols